The right approach to security issues on github
Some time ago, github sent the following letter (I quote in selective quotation):
In fact - a hole that allows outsiders to add their keys to authorized.
')
Well, the hole and the hole. I noted for myself that I need to check, and forgot. Now I did git push and found the following message:
In other words, no keys will be accepted without an audit. Uncomfortable? Yes. Right? Yes!
It was a security vulnerability.
This is a fact that SSH keys.
In fact - a hole that allows outsiders to add their keys to authorized.
')
Well, the hole and the hole. I noted for myself that I need to check, and forgot. Now I did git push and found the following message:
ERROR: Hi amarao, it's GitHub. We're doing an SSH key audit.
Please visit github.com/settings/ssh/audit/xxxxxx
be safe.
Fingerprint: f7: aa: 27: bb: 97: cc: 6d: dd: 32: 51: ee: 26: 8d: ff: ac: f9
fatal: the remote end hung up unexpectedly
In other words, no keys will be accepted without an audit. Uncomfortable? Yes. Right? Yes!
Source: https://habr.com/ru/post/139667/
All Articles